Risk is characterized by the presence of two principal factors: Risk Probability (the probability of occurrence of a risk event) and Risk Criticality (the impact/severity of the risk event). In the context of security risk management, Risk Probability is the result of Threat (an adversary with intent and capability to cause harm) and Vulnerability (the state of conditions that would allow the adversary to succeed in causing the risk event). Developing a systematic and objective assessment of this risk situation and its contributing factors is the first step in designing an effective, comprehensive, and cost-justified security program.
CIS consultants assist the risk assessment process in a variety of ways according to our client’s objectives and needs. Our services range from specialized assessment of specific vulnerability concerns (e.g., PPS analysis, red teaming, etc.) to developing new and comprehensive risk assessment methodologies to support client-specific objectives such as security program design, budget planning and strategic decision making, and compliance with regulatory or industry requirements.